Bitcoin Security Architecture: A Brief Overview

Bitcoin is an emerging technical and economic phenomenon, based upon a self-published paper by Satoshi Nakamoto. Many sites have taken notice of Bitcoin and have published some very thoughtful “what is Bitcoin” and “how to get started” documentation. But the resources available to address Bitcoin are few, and primarily oriented toward enthusiasts, casual hobbyists, or those interested in making and securing a profit off of Bitcoin generation (“mining”). In this post, we make an effort to extend the Bitcoin security body of knowledge, but from an organizational perspective: what are the risks associated with adopting Bitcoin, intentionally or unintentionally?

Bitcoin’s success is dependent at least upon its ability to securely fulfill its two primary goals: money generation and transaction validation. In addition to these two goals, the currency must face traditional economic challenges such as market confidence, which are somewhat outside the scope of our expertise, and traditional information assurance challenges, which are not.

Money Generation

Money generation in Bitcoin is a function of block validation. The first transaction of the block is a payment to whoever solves the block’s hash via proof-of-work (50 new Bitcoins, or BTC, at the moment; or block processing fees once all of the available Bitcoins have been generated). Blocks are defined by any transactions collected since the last block was received for the longest known chain of blocks until the next proof-of-work is generated. The proof-of-work, hashed against the transactions being validated, serves as a distributed, trusted timestamp of sorts.
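The following sketch is an added example, not code from the original post or from the Bitcoin project. It shows why a proof-of-work binds to the transactions it validates: the header layout is simplified (previous hash, Merkle root, time, nonce), and the transactions, timestamp and easy target are constructed values.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin applies to transactions and headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txs):
    """Fold the transaction hashes pairwise into one 32-byte commitment."""
    if not txs:
        raise ValueError("a block needs at least the generation transaction")
    level = [dsha256(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:                 # odd count: pair the last hash with itself
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def block_hash(prev_hash, root, timestamp, nonce):
    """Hash of the simplified header (assumption: the real header has more fields)."""
    return dsha256(prev_hash + root + struct.pack("<II", timestamp, nonce))

def meets_target(digest, target):
    """The digest, read as a little-endian integer, must fall below the target."""
    return int.from_bytes(digest, "little") < target

def mine(prev_hash, root, timestamp, target):
    """Search nonces until the header hash meets the target."""
    for nonce in range(2**32):
        if meets_target(block_hash(prev_hash, root, timestamp, nonce), target):
            return nonce
    raise RuntimeError("nonce space exhausted")

def verify(prev_hash, txs, timestamp, nonce, target):
    """One hash to check what took the miner many hashes to find."""
    return meets_target(block_hash(prev_hash, merkle_root(txs), timestamp, nonce), target)

# Constructed sample data; the first entry stands in for the 50 BTC payment.
SAMPLE_TXS = [b"generation: 50 BTC -> miner", b"alice -> bob: 2 BTC", b"carol -> dave: 7 BTC"]
EASY_TARGET = 1 << 240                     # about 65,000 tries on average
SAMPLE_TIME = 1309478400                   # constructed timestamp

if __name__ == "__main__":
    prev = bytes(32)                       # placeholder previous-block hash
    nonce = mine(prev, merkle_root(SAMPLE_TXS), SAMPLE_TIME, EASY_TARGET)
    print("nonce found:", nonce)
    print("original block valid:", verify(prev, SAMPLE_TXS, SAMPLE_TIME, nonce, EASY_TARGET))
    tampered = [SAMPLE_TXS[0], b"alice -> mallory: 2 BTC", SAMPLE_TXS[2]]
    print("tampered block valid:", verify(prev, tampered, SAMPLE_TIME, nonce, EASY_TARGET))
```

Changing any transaction changes the Merkle root, so the nonce found for the original block no longer applies and the work has to be redone.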

Each proof-of-work, which is incredibly computationally expensive, constitutes a primary function of the Bitcoin P2P network. For the foreseeable future, the collective processing power of the Bitcoin network will increase in proportion to the profitability of “mining” BTCs. As the number of BTCs in the economy approaches the maximum of 21 million, the number of coins created by the network will decrease. Over time, it is expected that transaction fees will increase to replace the incentive of mining with the incentive of transaction processing. Thus the processing power of the Bitcoin network will continue to pay off, representing our first set of threats.

Trojan Horse BTC Generation:
If computers become infected with persistent malware, or if existing malware is updated to begin using the infected computer’s CPU or GPU to perform mining and block validation, then enterprise resources (computer performance, network performance, and most of all, electricity) will be co-opted for use by criminals to make real money. Early efforts have been spotted in the wild.

Targeted Malware for Computer Gamers:
Because the GPUs used to play modern PC video games are quite well suited for performing the SHA256 hash operations vital to Bitcoin block validation, many intrepid “miners” are buying up the latest and greatest video cards for dedicated mining rigs. Malware packaged to target the gaming community could find a profitable foothold among enthusiasts who are not well-protected.

Money Retention

When BTCs are transacted, the coins themselves are assigned to the user’s public key and stored “in the network.” However, since they are signed with the public key, anyone with the private key may spend them. The wallet, then, is a data file that stores the private keys for a user’s accumulated BTC wealth. Users may have multiple wallets, and users who fear that their wallets have been read may transfer money to a new wallet (new set of private keys), but if the private keys are compromised there is no guarantee that a user will retain any or all of their BTCs.

For users and sites sending or receiving BTC transactions, wallet security will be crucial. In mid-June, when the exchange rate from USD to BTC was about 20:1, one Bitcoin user reported a loss of over 25,000 BTC from a poorly protected wallet, worth nearly $500,000 at the time. Organizations, and even individuals, would do well to understand the confidentiality requirements of the private keys stored in wallets. So long as users can keep track of their various wallets, there is no limitation on the number of wallets that a user could possess. Further, limiting exposure by restricting read access to the wallet (through encryption, air gap, or other means) at any time besides during a transaction will help to prevent theft of its private keys.

The Bitcoin protocol is fairly complicated, and client software does quite a bit behind the scenes that many users may not be aware of. Miners usually know enough to notice when their accepted hash rate per hour or per day drops below what they would expect. But the decentralized nature of the protocol, and the power of controlling > 50% of block validation, means that even noticing a problem may not be enough to stop an all-out attack on the economy.

The authors and maintainers of Bitcoin are quite up-front about the danger of collusion or concentration of processing power. Citing the Gambler’s Ruin mathematical problem, the official paper notes that as an attacker with greater than 50% processing power remains in that position, it becomes increasingly less probable that the minority portion of the network can win the race to confirm a malicious block offered by the attacker. This could result in the attacker being able to reverse their own transactions (violating protection against double-spending), or prevent others’ transactions or block generations from validating. If the attacker can persist in their position of power, these malicious transactions may become permanent.

Yet less than a month ago, data suggested that the operator of the popular Deepbit Mining Pool was close to attaining 50% share of miners. That dominance has since changed, but again, on July 5, an outage at BTCWorld’s mining pool pushed Deepbit’s share of the global hashrate above 50%. This shows that outpacing the 50% mark is certainly possible by an individual, by the collusion of a few major pool operators, or even an attack directed against larger pools. Note that this would include unintentional collusion (such as a hypothetical malicious compromise of large mining pools).

Other low-level protocol concerns could also pose a threat from a sophisticated attacker. The Bitcoin wiki suggests other weaknesses, and further research or speculation has uncovered some subtle ones, like timing attacks. An attack against the Bitcoin source code could be devastating. If enough clients used compromised code, this could have the same “critical mass” effect as a mining pool compromise, outpacing the capability to reverse compromised block validations. Combined with the introduction of subtle, malicious features into the network, such an attack could overwhelm the purported resilience of Bitcoin’s “decentralization.” Overall, the technical foundation of this fledgling economy is creating an opportunity for not only compromise via traditional methods (such as fraud) but electronic methods as well.

Trust and the Bitcoin Economy

Economic concerns also factor into Bitcoin’s long-term success. For the moment, with pure Bitcoin transactions still somewhat of a rarity, there is great interest in currency exchange. Those who mine Bitcoins want to turn them into dollars; those who have dollars want to turn them into Bitcoins, in order to purchase goods and services that are offered for sale in Bitcoins. Enter the concept of the Exchange. Websites have been established that serve a similar purpose as “Wall Street” for Bitcoins.

In one particular case, a site called Mt. Gox serves as quite a large player in the exchange of Bitcoins to and from US Dollars. Bitcoin users track the exchange rates and, for the most part, the Mt. Gox historical trading data shows the going rate, or value, of Bitcoins.

US Securities laws, and the regulatory oversight of the US Securities and Exchange Commission (SEC) have required that services such as Mt. Gox register and comply with SEC regulation if they allow trades over $1,000 per person per day. As a result, Mt. Gox has imposed a $1,000 limit in order to avoid the costly regulation associated with SEC rules.

Operating a service to exchange BTCs for currency could make sites such as Mt. Gox subject to various jurisdictional regulations, particularly those dealing with anti-money laundering (AML), as they could be classified as Money Service Businesses (MSB). In order to comply with the US regulations stemming from various legislations at the Federal and State levels, including the 1970 Bank Secrecy Act (BSA) and PATRIOT ACT, trades are limited to $1,000 per person, per day. This economic reality led to what many are calling a coordinated attack on the exchange rate for Bitcoins, in a bid to crash the market, acquire more Bitcoins, and then make a profit later after the BTC price recovered.

On June 20th, 2011, an attacker compromised an administrator account at Mt. Gox with access to a large Bitcoin balance in their wallet. The attacker was then able to use the large balance to deflate the exchange rate for BTC and retrieve 2,000 BTCs from the exchange, shortcutting the $1,000 per day rule imposed by the system by making the large number of coins (worth several dollars each, prior to the attack) worth so little that they could be transferred out. Now that the value of Bitcoins has rebounded, the resulting attack essentially compromised tens of thousands of dollars in value. The Mt. Gox staff has acknowledged that the controls put in place at the site did not scale quickly enough to keep up with the value of the transactions involved.

For many, the draw of Bitcoin is its decentralized nature, removing the economic trust that many had previously placed in their governments. In the aftermath of recent economic troubles around the globe, this promise of a currency-among-peers salves the wounds left by global economic crisis. But the attack on Mt. Gox shows that the currency is not above trusting third parties, or even trusting the economic stability of the system itself. Even users who never rely upon exchanges could find their Bitcoins devalued if a similar event were to occur again. Despite all of the technological capabilities, cryptographic enhancements, and novel proof-of-work protections, Bitcoin will still be at the mercy of the popular perception of its value.

The Future of Virtual Currency

Whether or not Bitcoin succeeds in its goals in the long term, the protocol has crossed a threshold of popularity that will cement its place in the history of virtual currency. The contemporary social and political factors have created an environment that is well-served by a currency with Bitcoin’s aims, and this will likely continue to drive its adoption. However, the threats inherent to the system may represent risk significant enough to derail Bitcoin and deny it longevity. Whatever its future, Bitcoin’s success so far, and the technical methods used to bring it there, will either become its foundation for success or its contribution to the next iteration of virtual currency.

Great info and well written.
Bitcoin security is slowly improving. With every attack on a bitcoin miner, miner pool, exchange, node or website, the more secure the network becomes. Everyone is being forced to beef up their security efforts or face a loss of customers or loss of bitcoins.
Security is and has to be the number one priority of the bitcoin network.
This is why we write and discuss this important subject often on our blog http://www.bitcoincreator.com.

A measured, but devastating critique.
Interesting that no-one has responded to the malware issues; and astounding to hear that Deepbit had more than 50 percent mining share on July 5.
You mention that at the moment miners want $, while those who have $ want BitCoin. I think that the exchange rate established at the moment is due to artificially high demand for BitCoin, given its recent publicity, and hoarding by miners dreaming of quick riches. In the future, miners who want $ may well far outstrip dollar holders who want BitCoin, with unfortunate consequences.
A note to Garzik: "Bitcoins are not a security, pretty much by definition."
Yes, that's true. It wouldn't be the SEC that I would expect to go after BitCoin, it's the FBI (though it's hard to be sure - the Treasury/Secret Service? The CFTC on a longshot?).
BitCoin advocates are adamant that it is not a Ponzi scheme, and technically it doesn't meet the definition. However, I think there are many parallels.

Quote:
> "If anybody reading this article is interested in
> obtaining some bitcoins to play with, I personally use
> and recommend http://www.t*****.com to buy .... . They
> have lower fees than the main exchange (mtgox), and .....
>
> Also, I happen to have a code that will get you 10% off
> your trading fees at TradeHill for life: TH-R....."
One question: Why is it so hard to distinguish these referrals from spam? And why do people think that anything else can be successful than providing a substantially better offer, in terms of trustworthiness, security, ease of use, legal provisions, translations, subsidiaries in every European, Asian and Arabian country, and many more things?
If greed would make people ingenious, we'd see a firework of brilliant ideas.... but what happens is that it's probably a mere symptom of dullness.

Nice article, congratulations!
I particularly liked the final conclusion: "Whatever its future, Bitcoin’s success so far, and the technical methods used to bring it there, will either become its foundation for success or its contribution to the next iteration of virtual currency."

This is an extremely well-thought-out article, and I agree with the analysis of risks and conclusions.
While collusion between pool operators is very unlikely (they all have a strong interest in bitcoins staying valuable), an attack which compromises multiple pools and uses their power for evil is a realistic (if unlikely) scenario.
I wonder if pool/mining software could be updated to allow individual miners in the pool to choose and/or veto transactions encoded by the pool? Perhaps a miner could be chosen at random to take responsibility for what is included in the next block. This would at least distribute the risk, although I'm doubtful that it can be done.
If anybody reading this article is interested in obtaining some bitcoins to play with, I personally use and recommend http://www.tradehill.com to buy and sell bitcoins. They have lower fees than the main exchange (mtgox), and their website seems more professional, IMHO.
Also, I happen to have a code that will get you 10% off your trading fees at TradeHill for life: TH-R1168
Enjoy!

Bitcoin is pretty secure technology. Many of its problems stem from user error (reformatting the wrong hard drive), or user's lack of security practices (using a short password for every site), or mining pools growing too large. Exchange sites need to be audited by a security firm on a regular basis. But the Bitcoin network, meanwhile, has a fabulous track record with security.
However, bitcoin mining remains a very hazardous practice. Everyone knows that the real security threat is to the miner's well-being. Luckily www.bitcoinminingaccidents.com is there to help, with safety tips and incident reports so others learn what NOT to do. Let's make mining for bitcoins safer!

Actually, bitcoin generation by malware does not seem to be a problem. The reason is that today, the overwhelming majority of computing power is delivered by graphics cards (GPUs), which are several hundred times faster for this purpose than standard CPUs. A normal PC would require several years to generate one bitcoin, which means that even a huge botnet with hundreds of thousands of compromised PCs cannot generate very much - and the required computing power is rising. Moreover, botnets can be used, and are used, to make money by other means, with the effect that bitcoin generation is not economical.
Second, an attack on owners of gaming PCs with such graphics cards is more probable. It would be, however, very noticeable due to the power spent and the heat generated by the GPU. What is important in this case is that the PCs have effective measures to prevent overheating and fire if the GPU becomes too hot. This will be especially important if children or animals are in that room, as there is a risk of physical injury.
The third threat - stealing bitcoins from a wallet on a regular PC - is far more substantial. It is aggravated by the fact that, for backup purposes, private keys are generated _in advance_. To protect the wallet, the confidentiality of the wallet with its private key as well as the integrity of the host OS need to be protected WITHOUT ANY LAPSE. It turns out that this requirement is NOT fulfilled in the vast majority of consumer PCs running some variant of Microsoft Windows. Occasional virus infections of these systems are tolerated, and after an infection an attempt is made to "remove" the malware. However, this is _not_ sufficient - after a malware infection, the system is basically compromised, the OS _must_ be installed again, and the money from the old wallet _must_ be transferred to a new wallet with uncompromised security. People who will not do that will lose any amount of money, because bitcoin is truly unforgiving in this respect.
An alternative is systems which boot from read-only media, have a wallet on a flash medium and contain only the essential software to run the bitcoin client. Such systems, which usually run a variety of Linux, are already widely available (to name only one, Knoppix), and are likely to increase in sophistication. Basically, they can turn the regular PC into a single-purpose banking device which is relatively immune to malware.

Good post, but minor (if significant) correction:
The SEC has nothing to do with bitcoins.
Mt.Gox and other exchanges must comply with anti-money laundering laws (AML), which falls within the purview of the US Department of Treasury and FinCEN. FinCEN sets the $1000/etc. limits nationally for MSBs, and each US state also has requirements, if you are based in the US.
Bitcoins are not a security, pretty much by definition.

Great article, thanks. Just to point out that theoretically the currency should not devalue over the long term, since there is a limited amount of the currency available (capped at 21 million bitcoins). This means that as it approaches and reaches this final limit, its value in terms of dollars should increase.
